644 matches found
Better Credential Management for Better Vulnerability Results
Often the first time the security team knows that credentials have expired is when their scans start to return dramatically fewer vulnerabilities. We all know getting credentialed access yields the best results for visibility. Yet, maintaining access can be difficult. Asset owners change...
USN-3308-1: Puppet vulnerabilities
Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. (CVE-2014-3248) It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute...
Better Trusted Scanning with Qualys-CyberArk Integration
To manage privileged credentials, especially across multiple systems in complex environments, many organizations use privileged account security solutions. Qualys has integrated with such solutions for a long time, and has recently upgraded its CyberArk integration to include CyberArk Application...
Is Your Security Team Setup To Fail?
The ingredients for strong cybersecurity aren’t a secret. In fact, they haven’t changed significantly over the past 20 years, and the ingredients are available to almost every organization out there. On the surface, doing security isn’t that hard: Patch quickly and frequently. Use reasonable securit...
Hikvision Centralized Surveillance Application Management System Has S2-045 Remote Command Execution Vulnerability
Hikvision is a video-centric IoT solution and data operation service provider. Hikvision's centralized surveillance application management system uses Apache middleware as the framework, which suffers from S2-045 remote command execution vulnerability, allowing attackers to exploit the...
Moderate: Red Hat Security Advisory: ipa security and bug fix update
An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
[SECURITY] Fedora 24 Update: freeipa-4.3.2-4.fc24
IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration...
RedHat Update for ipa RHSA-2017:0001-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
[SECURITY] Fedora 25 Update: zookeeper-3.4.9-1.fc25
ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services...
Aker SSH Gateway
Aker is a security tool that helps you configure your own Linux SSH jump/bastion host. Named after an Egyptian mythology deity who guarded the borders, Aker acts as a choke point through which all your sysadmins and support staff access Linux production servers. Aker SSH gatew...
Mercenary Linux
Mercenary-Linux is a “new-era” lightweight distribution of mostly Dockerized tools built for field-expedient hunting, forensics, and malware analysis. This problem birthed MHF (Mercenary Hunt Framework), which allows the hunt team to easily perform hunt operations within a framework that aggregates...
ZKTeco ZKAccess Security System 5.3.1 - stored XSS
Application description: ZKAccess systems are built on flexible, open technology to provide management, real-time monitoring and control of your access control changes, with access via a browser, without the need to install additional software. Security infrastructure devices centralized management,...
DMA Radius Manager 4.1.5 Cross Site Request Forgery
Thanks: Dr Ms Jk - n1arash - Milad Hacking - malahsky...
FortiManager & FortiAnalyzer - Persistent Vulnerability
Document Title: FortiManager & FortiAnalyzer - Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1687. Fortinet PSIRT ID: 1624561. Bulletin:...
npm fails to restrict the actions of malicious npm packages
Overview: npm allows packages to take actions that could let a malicious npm package author create a worm that spreads across the majority of the npm ecosystem. Description: npm is the default package manager for Node.js, which is a runtime environment for developing server-side web...
Code injection
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...
F5 Networks BIG-IP : Privilege escalation vulnerability (K75136237)
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge...
Cisco Hosted Collaboration Mediation Fulfillment Information Disclosure Vulnerability
Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) is a set of software from Cisco USA for centralized management of Cisco HCS solutions. The software provides configuration, management and monitoring of Cisco HCM-F services and other functions. An information disclosure vulnerability exists ...
FortiManager 5.2.2 - Persistent Cross-Site Scripting
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTIMANAGER-XSS-0924.txt. Vendor: www.fortinet.com. Product: FortiManager v5.2.2. FortiManager is a centralized security...
The vulnerability of the Cisco UCS Central device’s centralized management system allows a perpetrator to increase their privileges to execute arbitrary code.
The vulnerability in the Cisco UCS Central device management system exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to elevate their privileges and execute arbitrary code by sendi...